Your organisation almost certainly stores and handles information and data, even if it’s just phone numbers in a notebook. Once you create a record, you have an obligation to protect its security. Failure to do so leaves you vulnerable to breaches and even prosecution.
ISO/IEC 27001:2013 (normally just known as ISO 27001) is the international standard for Information Security Management Systems (ISMS) and helps you manage this challenge.
It’s not just about cyber security. It allows you to take control of the security of information in whatever form it’s held and however it’s transmitted – on paper, electronically, by post or email, shown on films or even spoken in conversation. Whatever form it takes, or means by which it is stored and shared, the standard helps to make sure it’s always appropriately protected to assist with the preservation of:
- Confidentiality – ensuring that access to information is appropriately authorised
- Integrity – safeguarding the accuracy and completeness of information and processing methods
- Availability – ensuring authorised users have access to information when required
- Protects your organisation – Improves defences to reduce the risk of information security breaches including identity theft
- Limits damage – Minimises the chance of accidental leaks
- Embeds best practice – Demonstrates credibility and trust by reassuring customers, employees and all stakeholders that information and systems are secure
- Reduce errors – Minimises the chance of accidental leaks
- Relevance and accuracy – Introduces discipline in managing quality of stored information to ensure it is relevant and accurate
- Authorisation – Controls who can access and modify information, reducing the likelihood of a security breach and so leaving you less susceptible to lost business and fines
- Compliance – Enhances compliance by helping ensure relevant laws (including GDPR), regulations and contractual requirements are met
- Win new business – ISO 27001 certification gives a competitive edge to help you win more business
Preparation
Your dedicated Auditor will be in touch to go through the audit plan in preparation for your Stage 1 assessment.
Stage 1 assessment
There’s no pressure for the first assessment; many are surprised by what they already have in place following this visit. The report issued will highlight the next steps you need to take to achieve your certification.
Stage 2 assessment
When you’re ready, your Auditor will visit again to establish whether your management systems and processes meet the requirements of the standard. You’ll be advised of the Auditor’s recommendations on the day; these will be ratified by our Compliance department, and your certification will be issued following the decision.
Annual assessment
The excellent reputation of ISO 9001 is driven by its requirement for ongoing improvement, so we’ll keep in touch and arrange annual assessments to keep your certification up-to-date.